Issue 99. Living another week shouldn’t be casually assumed, but I hope to publish Issue 100 next Tuesday. It certainly seems like something special and for those who know me - shocking.
Feedback is still coming in on the editorial of Issue 96 where I questioned why there is no national mandatory reporter law for elder financial abuse. A follow-up article is necessary. I’m not the only one with deep concerns about the problem, but not all agree with my position. If you missed the article you can find all of the past issues at the main page: Threats Without Borders Newsletter.
Mike Lawson, VP of Security and Loss Prevention for Artisan’s Bank, is looking to share information with other FI’s that are dealing with an increase in Home Equity Line Of Credit (HELOC) fraud. Specifically, the trend of counterfeit checks written on HELOC accounts. Comment below or reply to the newsletter email and I’ll provide you with Mike’s email address.
Zelle goes to the Senate
U.S. Senator Elizabeth Warren’s office released a scathing report about the use of Zelle to facilitate fraud. The investigation found “data from four banks that tallied 192,878 cases worth collectively $213.8 million in 2021 and the first half of 2022 where a customer claimed they had been fraudulently tricked into making a payment. In only roughly 3,500 cases did those banks reimburse the customer”. Although the target is Zelle and its parent company, Early Warning Systems, there are a bucket of peer-to-peer payment services that could be given the same criticism.
Two takes on this: (1) Should it be the payment transfer companies fault because someone did something stupid with their money? Why should any company have to repay the person who willingly sent money to someone else - no matter the reason? How is it the banks fault you fell for a scam? (2) On the other hand, these P2P companies certainly don’t help law enforcement catch the bad guys. Yes, they will comply with search warrants and provide the information demanded, but it’s almost always too late due to their lengthy service times. We’re talking weeks, and in most cases, months. And they are rarely forthcoming or overtly cooperative while doing it.
P.S. - See the “Cool Job” for this week. Kudos to Block Inc./Cash App for taking the initiate to make things better.
Gift Cards….
Almost on queue for last weeks issue, the Pennsylvania State Police issued a press release warning of a gift card scam. The threat actors are contacting people by telephone informing they have an active arrest warrant for a Megan’s Law violation. The only way to avoid arrest, of course, is to pay the fines with gift cards. The callers are spoofing the local PSP barracks phone number as an added touch. Are you a court ordered sexual offender registrant? If not you can’t have a warrant for Megan’s law violation. It so simple, but too many will fall for it. https://www.pennlive.com/news/2022/10/pa-state-police-warn-of-scammers-pretending-to-troopers.html
Why now?
India’s Central Bureau of Investigation (CBI) busted-up two huge call centers that have been run by cybercrime actors since 2015. From the article, “Set up in Pune and Ahmedabad, the centers had about 150 people who would make clandestine calls to the prospective targets in the United States and lure them into making payments on various pretexts. The masked calls would be made via the Voice over Internet Protocol technology to evade detection”. The CBI claimed the FBI (U.S.) just shared information about the call centers “a few months ago”. Seriously, these call centers have been operating for nine years, employ hundreds, make millions of dollars, and it took a tip from the FBI for you to find them? Nah, you just finally decided to crack down on them. So the question becomes….why now? https://www.thehindu.com/news/national/operation-chakra-call-centres-busted-by-cbi-were-operating-since-2014-15/article65972948.ece
Why rob a bank?
Because thats where the money is. So the old adage goes. The majority of cybercrime actors are in it for the money, so of course they are going to target organizations that provide them the largest yield. Akamai details how threat actors are still focusing on financial institutions and the situation isn’t going to get any better. https://www.akamai.com/blog/security/financial-services-malware-just-wont-die
It’s like a soap opera
The Conti ransomware group is certainly one of the most prolific and successful crime groups currently in operation. It is also one of the most dramatic. The group is becoming well known for internal conflict and earlier this year a disgruntled affiliate leaked organizational documents including chat logs. Flashpoint wrote this expose on the group that not only gives historical context but also provides a good overview of the ransomware ecosystem. https://flashpoint.io/blog/history-of-conti-ransomware/
The Rest…
While most of us revere our military service members the criminal only cares about the depth of their wallet. The Military Times details scams targeting members of the armed services and offers some prevention tips. https://www.militarytimes.com/news/your-military/2022/10/04/how-to-best-protect-against-online-scams-targeting-service-members/
Poor guy thought his $23,000 “investment” would return $210,000. He got a suitcase of toilet paper instead. https://www.pennlive.com/news/2022/10/central-pa-man-fell-for-investment-scheme-promising-210k-cash-he-got-something-else.html
Georgia man who laundered millions from romance scams, business email compromises, and other online fraud receives 25-year sentence. https://www.justice.gov/usao-ndga/pr/georgia-man-who-laundered-millions-romance-scams-business-email-compromises-and-other
Cool Job
Scams Investigations Lead - Cash App. https://www.smartrecruiters.com/Square/743999855830631
Cool Tool
Create instant disposable email addresses to prevent spam.
Irrelevant
Do you know the three types of meetings? https://camdaigle.com/posts/three-types-of-meetings/
I’ll be speaking at the 14th Annual Conference of the Central Pennsylvania Chapter of the Association of Certified Fraud Examiners this week. I’d love to connect if you’re in attendance.
Thank You for opening this weeks email and supporting the Tw/oB Newsletter.
Matt
“Demotivated because of how long it takes? The time will pass anyways.”